last executing test programs: 3.160363346s ago: executing program 2 (id=3): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SAVE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x8, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x404c001}, 0x40) 2.624710303s ago: executing program 2 (id=6): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)={0x1c, r1, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000054) 1.924849124s ago: executing program 0 (id=1): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001400e9990000000000000000fc000000000000000000000000000000ac1e000100"], 0xb8}}, 0x0) 1.443190794s ago: executing program 2 (id=7): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x3c, r1, 0x431, 0x70bd28, 0x25dfdbff, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_RX={0x5}, @ETHTOOL_A_PAUSE_TX={0x5, 0x4, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44890}, 0x80000d0) 1.241776343s ago: executing program 0 (id=8): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000080)={0xf0f007, 0x3}) 1.085353304s ago: executing program 4 (id=5): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11}}) ioctl(r0, 0x8b19, &(0x7f0000000040)) 739.141812ms ago: executing program 0 (id=9): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x88c00, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000d00)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r2, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x3d3b4e}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0x0, 0x7fff0006}]}) close_range(r3, 0xffffffffffffffff, 0x0) 665.796768ms ago: executing program 2 (id=10): socket(0x2b, 0x5, 0x5) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) r3 = socket$key(0xf, 0x3, 0x2) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/sync_on_suspend', 0x48b82, 0x0) sendmsg$key(r3, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) 388.537102ms ago: executing program 3 (id=4): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0) r1 = syz_clone(0x42180, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(r1, &(0x7f0000000040)='syscall\x00') prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setuid(0xee01) pread64(r2, &(0x7f0000000500)=""/31, 0x1f, 0x40000000007) 100.894715ms ago: executing program 4 (id=11): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x20040014) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300020000000000fbdbdf25fc000000000000000000000000000000ffffffff00000000000000000000000000000004000000000a006080", @ANYBLOB], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="b80000001300e9990500000000000000fc000000000000000000000000000000fc00000000000000000000000000000000000000000000000a0030"], 0xb8}}, 0x4000) 0s ago: executing program 1 (id=2): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6f, 0x11, r0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x6e, 0x0, 0x5, 0x20, 0x3, 0x0, 0x106c, 0x80000001, 0x0, 0x4, 0x0, 0x9, 0x0, 0x4, 0x0, 0x3], 0xeeee0000, 0x3c4210}) ioctl$KVM_RUN(r3, 0xae80, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.44' (ED25519) to the list of known hosts. [ 172.040833][ T5767] cgroup: Unknown subsys name 'net' [ 172.188705][ T5767] cgroup: Unknown subsys name 'cpuset' [ 172.205604][ T5767] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 177.660345][ T5767] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 181.987793][ T5087] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 181.998282][ T5789] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 182.006424][ T5789] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 182.015726][ T5789] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 182.023925][ T5789] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 182.040630][ T5789] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 182.051462][ T5789] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 182.065241][ T5791] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 182.097271][ T5789] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 182.108144][ T5789] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 182.130634][ T5791] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 182.138336][ T52] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 182.148409][ T5791] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 182.157536][ T5791] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 182.172501][ T5791] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 182.185651][ T5791] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 182.186669][ T5798] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 182.204851][ T5791] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 182.211574][ T5798] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 182.234626][ T5793] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 182.253882][ T5789] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 182.262262][ T5789] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 182.271141][ T5789] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 182.299659][ T5793] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 182.310877][ T5793] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 183.695879][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 183.785558][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 183.924069][ T5795] chnl_net:caif_netlink_parms(): no params data found [ 184.082625][ T5794] chnl_net:caif_netlink_parms(): no params data found [ 184.102992][ T5798] Bluetooth: hci0: command tx timeout [ 184.180492][ T5798] Bluetooth: hci1: command tx timeout [ 184.340207][ T5798] Bluetooth: hci4: command tx timeout [ 184.340318][ T5793] Bluetooth: hci2: command tx timeout [ 184.345813][ T5789] Bluetooth: hci3: command tx timeout [ 184.450657][ T5800] chnl_net:caif_netlink_parms(): no params data found [ 184.812578][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.820409][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.833907][ T5786] bridge_slave_0: entered allmulticast mode [ 184.845461][ T5786] bridge_slave_0: entered promiscuous mode [ 184.859318][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.869251][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 184.901606][ T5788] bridge_slave_0: entered allmulticast mode [ 184.912643][ T5788] bridge_slave_0: entered promiscuous mode [ 184.939220][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.946841][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 184.980500][ T5788] bridge_slave_1: entered allmulticast mode [ 184.992869][ T5788] bridge_slave_1: entered promiscuous mode [ 185.003480][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.012169][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.020411][ T5786] bridge_slave_1: entered allmulticast mode [ 185.029386][ T5786] bridge_slave_1: entered promiscuous mode [ 185.230288][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.248429][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.331723][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.347533][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.357873][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.365449][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.373217][ T5794] bridge_slave_0: entered allmulticast mode [ 185.382106][ T5794] bridge_slave_0: entered promiscuous mode [ 185.392878][ T5795] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.400578][ T5795] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.408826][ T5795] bridge_slave_0: entered allmulticast mode [ 185.417698][ T5795] bridge_slave_0: entered promiscuous mode [ 185.498595][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.506120][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.514273][ T5794] bridge_slave_1: entered allmulticast mode [ 185.522490][ T5794] bridge_slave_1: entered promiscuous mode [ 185.533235][ T5795] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.540733][ T5795] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.548251][ T5795] bridge_slave_1: entered allmulticast mode [ 185.557379][ T5795] bridge_slave_1: entered promiscuous mode [ 185.567136][ T5800] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.574692][ T5800] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.582238][ T5800] bridge_slave_0: entered allmulticast mode [ 185.590780][ T5800] bridge_slave_0: entered promiscuous mode [ 185.750343][ T5800] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.757887][ T5800] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.768942][ T5800] bridge_slave_1: entered allmulticast mode [ 185.778468][ T5800] bridge_slave_1: entered promiscuous mode [ 185.798091][ T5788] team0: Port device team_slave_0 added [ 185.813464][ T5786] team0: Port device team_slave_0 added [ 185.853344][ T5795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.892842][ T5788] team0: Port device team_slave_1 added [ 185.905194][ T5786] team0: Port device team_slave_1 added [ 185.918373][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.935162][ T5795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.022062][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.083779][ T5800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 186.180571][ T5789] Bluetooth: hci0: command tx timeout [ 186.201919][ T5800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.213737][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.220964][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.247293][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.260248][ T5789] Bluetooth: hci1: command tx timeout [ 186.264203][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.272777][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.298903][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.318182][ T5794] team0: Port device team_slave_0 added [ 186.332000][ T5795] team0: Port device team_slave_0 added [ 186.363020][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.370222][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.396753][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.410752][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.417831][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.444217][ T5789] Bluetooth: hci3: command tx timeout [ 186.444215][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.444491][ T5798] Bluetooth: hci4: command tx timeout [ 186.450832][ T5793] Bluetooth: hci2: command tx timeout [ 186.476755][ T5794] team0: Port device team_slave_1 added [ 186.489152][ T5795] team0: Port device team_slave_1 added [ 186.596691][ T5800] team0: Port device team_slave_0 added [ 186.613096][ T5800] team0: Port device team_slave_1 added [ 186.673865][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.681059][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.707521][ T5795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.749119][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.756319][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.782813][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.850844][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.857892][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.884299][ T5795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 186.944752][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.952023][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 186.978261][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 187.032713][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 187.039798][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 187.066300][ T5800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 187.125592][ T5788] hsr_slave_0: entered promiscuous mode [ 187.134582][ T5788] hsr_slave_1: entered promiscuous mode [ 187.151202][ T5800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 187.158237][ T5800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 187.184505][ T5800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 187.208449][ T5786] hsr_slave_0: entered promiscuous mode [ 187.217085][ T5786] hsr_slave_1: entered promiscuous mode [ 187.225393][ T5786] debugfs: 'hsr0' already exists in 'hsr' [ 187.231307][ T5786] Cannot create hsr debugfs directory [ 187.484045][ T5794] hsr_slave_0: entered promiscuous mode [ 187.493049][ T5794] hsr_slave_1: entered promiscuous mode [ 187.501389][ T5794] debugfs: 'hsr0' already exists in 'hsr' [ 187.507244][ T5794] Cannot create hsr debugfs directory [ 187.524640][ T5795] hsr_slave_0: entered promiscuous mode [ 187.533352][ T5795] hsr_slave_1: entered promiscuous mode [ 187.541486][ T5795] debugfs: 'hsr0' already exists in 'hsr' [ 187.547340][ T5795] Cannot create hsr debugfs directory [ 187.682677][ T5800] hsr_slave_0: entered promiscuous mode [ 187.691655][ T5800] hsr_slave_1: entered promiscuous mode [ 187.699253][ T5800] debugfs: 'hsr0' already exists in 'hsr' [ 187.705495][ T5800] Cannot create hsr debugfs directory [ 188.260113][ T5793] Bluetooth: hci0: command tx timeout [ 188.340375][ T5793] Bluetooth: hci1: command tx timeout [ 188.500228][ T5793] Bluetooth: hci2: command tx timeout [ 188.501180][ T5789] Bluetooth: hci3: command tx timeout [ 188.505856][ T5798] Bluetooth: hci4: command tx timeout [ 188.793247][ T5788] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 188.843670][ T5788] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 188.876691][ T5788] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 188.896378][ T5788] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 188.976427][ T5794] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 189.021298][ T5794] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 189.063047][ T5794] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 189.095545][ T5794] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 189.234721][ T5786] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 189.275107][ T5786] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 189.308575][ T5786] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 189.334819][ T5786] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 189.597992][ T5800] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 189.631155][ T5800] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 189.659404][ T5800] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 189.730356][ T5800] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 190.057124][ T5795] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 190.081978][ T5795] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 190.135376][ T5795] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 190.159129][ T5795] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 190.189793][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.341059][ T5798] Bluetooth: hci0: command tx timeout [ 190.412210][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.430161][ T5798] Bluetooth: hci1: command tx timeout [ 190.438719][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.525793][ T4112] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.533148][ T4112] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.580284][ T5798] Bluetooth: hci3: command tx timeout [ 190.585955][ T5793] Bluetooth: hci4: command tx timeout [ 190.586000][ T5789] Bluetooth: hci2: command tx timeout [ 190.637813][ T146] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.645210][ T146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.681104][ T5794] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.768324][ T146] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.775708][ T146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.800596][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.889231][ T146] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.896721][ T146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.016816][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.172089][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.179453][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.219321][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.226740][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.287794][ T5800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.394949][ T5795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.445350][ T5800] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.546001][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.553553][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.678626][ T4112] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.686173][ T4112] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.964826][ T5795] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.045872][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.053389][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.131211][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.138731][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.415360][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.680398][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.257680][ T5794] veth0_vlan: entered promiscuous mode [ 193.348802][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.395479][ T5794] veth1_vlan: entered promiscuous mode [ 193.816869][ T5800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.889531][ T5786] veth0_vlan: entered promiscuous mode [ 193.996181][ T5794] veth0_macvtap: entered promiscuous mode [ 194.057163][ T5786] veth1_vlan: entered promiscuous mode [ 194.068959][ T5794] veth1_macvtap: entered promiscuous mode [ 194.121262][ T5795] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.284077][ T5788] veth0_vlan: entered promiscuous mode [ 194.309320][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 194.432439][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 194.457814][ T5788] veth1_vlan: entered promiscuous mode [ 194.468621][ T5800] veth0_vlan: entered promiscuous mode [ 194.554185][ T4112] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.564559][ T4112] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.584839][ T4112] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.595080][ T4112] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.624216][ T5786] veth0_macvtap: entered promiscuous mode [ 194.656354][ T5800] veth1_vlan: entered promiscuous mode [ 194.740629][ T5786] veth1_macvtap: entered promiscuous mode [ 194.897679][ T5795] veth0_vlan: entered promiscuous mode [ 194.929066][ T5788] veth0_macvtap: entered promiscuous mode [ 194.995376][ T5795] veth1_vlan: entered promiscuous mode [ 195.030417][ T5788] veth1_macvtap: entered promiscuous mode [ 195.046536][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 195.134718][ T5800] veth0_macvtap: entered promiscuous mode [ 195.234198][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 195.266019][ T5800] veth1_macvtap: entered promiscuous mode [ 195.331830][ T146] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.363101][ T146] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.388464][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 195.437628][ T146] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.485566][ T146] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.499491][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 195.563344][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 195.609441][ T5795] veth0_macvtap: entered promiscuous mode [ 195.692635][ T146] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.752588][ T5800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 195.776856][ T146] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.822597][ T5795] veth1_macvtap: entered promiscuous mode [ 195.862989][ T146] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.917706][ T146] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.974909][ T146] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.012010][ T60] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.102525][ T60] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.124560][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.189095][ T146] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.248445][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.388623][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.428440][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.494871][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.538351][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 199.669452][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 199.678259][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 199.895262][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 199.906070][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.366974][ T5794] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 201.167465][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.175696][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 201.404750][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.413047][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 201.638951][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.647240][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 201.980953][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.988956][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.144167][ T5978] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1'. [ 202.170832][ T5973] syz.2.6 (5973) used greatest stack depth: 2296 bytes left [ 202.277100][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.285296][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.535317][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.543642][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.759732][ T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.768126][ T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.055909][ T5985] warning: `syz.4.5' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 203.099301][ T3401] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.107472][ T3401] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.731442][ T5987] ===================================================== [ 203.745605][ T5987] BUG: KMSAN: uninit-value in iopt_pages_unfill_xarray+0xfe3/0x1660 [ 203.756181][ T5987] iopt_pages_unfill_xarray+0xfe3/0x1660 [ 203.762240][ T5987] iopt_area_remove_access+0x508/0x650 [ 203.767903][ T5987] iommufd_access_unpin_pages+0x637/0xa50 [ 203.774011][ T5987] iommufd_test_access_unmap+0x423/0x6b0 [ 203.790338][ T5987] iommufd_test_staccess_release+0x7f/0x140 [ 203.796408][ T5987] __fput+0x60e/0x1050 [ 203.800767][ T5987] ____fput+0x25/0x30 [ 203.804907][ T5987] task_work_run+0x208/0x2b0 [ 203.809678][ T5987] exit_to_user_mode_loop+0x2ff/0x1b20 [ 203.815552][ T5987] do_syscall_64+0x1d7/0xf80 [ 203.820531][ T5987] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.826592][ T5987] [ 203.828990][ T5987] Local variable batch created at: [ 203.834822][ T5987] iopt_pages_unfill_xarray+0x86/0x1660 [ 203.840706][ T5987] iopt_area_remove_access+0x508/0x650 [ 203.853087][ T5987] [ 203.855537][ T5987] CPU: 1 UID: 0 PID: 5987 Comm: syz.0.9 Not tainted syzkaller #0 PREEMPT(voluntary) [ 203.868044][ T5987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 203.878862][ T5987] ===================================================== [ 203.886173][ T5987] Disabling lock debugging due to kernel taint [ 203.892523][ T5987] Kernel panic - not syncing: kmsan.panic set ... [ 203.899074][ T5987] CPU: 1 UID: 0 PID: 5987 Comm: syz.0.9 Tainted: G B syzkaller #0 PREEMPT(voluntary) [ 203.910280][ T5987] Tainted: [B]=BAD_PAGE [ 203.914513][ T5987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 203.924691][ T5987] Call Trace: [ 203.928058][ T5987] [ 203.931068][ T5987] __dump_stack+0x26/0x30 [ 203.935553][ T5987] dump_stack_lvl+0x50/0x1c0 [ 203.940288][ T5987] ? dump_stack+0x12/0x25 [ 203.944771][ T5987] dump_stack+0x1e/0x25 [ 203.949094][ T5987] vpanic+0x435/0xd40 [ 203.953245][ T5987] panic+0x15d/0x160 [ 203.957359][ T5987] kmsan_report+0x31a/0x320 [ 203.962056][ T5987] ? __msan_warning+0x1b/0x30 [ 203.966895][ T5987] ? iopt_pages_unfill_xarray+0xfe3/0x1660 [ 203.972884][ T5987] ? iopt_area_remove_access+0x508/0x650 [ 203.978697][ T5987] ? iommufd_access_unpin_pages+0x637/0xa50 [ 203.984800][ T5987] ? iommufd_test_access_unmap+0x423/0x6b0 [ 203.990752][ T5987] ? iommufd_test_staccess_release+0x7f/0x140 [ 203.996967][ T5987] ? __fput+0x60e/0x1050 [ 204.001343][ T5987] ? ____fput+0x25/0x30 [ 204.005632][ T5987] ? task_work_run+0x208/0x2b0 [ 204.010568][ T5987] ? exit_to_user_mode_loop+0x2ff/0x1b20 [ 204.016377][ T5987] ? do_syscall_64+0x1d7/0xf80 [ 204.021301][ T5987] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.027528][ T5987] ? kmsan_get_metadata+0xf1/0x160 [ 204.032823][ T5987] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 204.038856][ T5987] ? xas_load+0xcec/0xd70 [ 204.043363][ T5987] ? __xas_next+0x142/0x7a0 [ 204.048036][ T5987] ? kmsan_get_metadata+0xf1/0x160 [ 204.053364][ T5987] __msan_warning+0x1b/0x30 [ 204.058063][ T5987] iopt_pages_unfill_xarray+0xfe3/0x1660 [ 204.063919][ T5987] ? kmsan_get_metadata+0xc0/0x160 [ 204.069286][ T5987] ? kmsan_get_metadata+0xf1/0x160 [ 204.074577][ T5987] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 204.080582][ T5987] ? interval_tree_remove+0x158e/0x1730 [ 204.086297][ T5987] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 204.092333][ T5987] iopt_area_remove_access+0x508/0x650 [ 204.098014][ T5987] iommufd_access_unpin_pages+0x637/0xa50 [ 204.103987][ T5987] iommufd_test_access_unmap+0x423/0x6b0 [ 204.109805][ T5987] iommufd_test_staccess_release+0x7f/0x140 [ 204.115868][ T5987] ? __pfx_iommufd_test_staccess_release+0x10/0x10 [ 204.122530][ T5987] __fput+0x60e/0x1050 [ 204.126761][ T5987] ? kmsan_get_metadata+0xf1/0x160 [ 204.132054][ T5987] ? __pfx_____fput+0x10/0x10 [ 204.136887][ T5987] ____fput+0x25/0x30 [ 204.141014][ T5987] task_work_run+0x208/0x2b0 [ 204.145779][ T5987] exit_to_user_mode_loop+0x2ff/0x1b20 [ 204.151455][ T5987] ? __x64_sys_close_range+0x97/0xe0 [ 204.156959][ T5987] do_syscall_64+0x1d7/0xf80 [ 204.161716][ T5987] ? clear_bhb_loop+0x40/0x90 [ 204.166559][ T5987] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.172625][ T5987] RIP: 0033:0x7f79ceb9acb9 [ 204.177172][ T5987] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 204.197030][ T5987] RSP: 002b:00007f79cfb17028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 204.205607][ T5987] RAX: 0000000000000000 RBX: 00007f79cee15fa0 RCX: 00007f79ceb9acb9 [ 204.213693][ T5987] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000000 [ 204.221770][ T5987] RBP: 00007f79cec08bf7 R08: 0000000000000000 R09: 0000000000000000 [ 204.229859][ T5987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 204.237973][ T5987] R13: 00007f79cee16038 R14: 00007f79cee15fa0 R15: 00007ffe9e4e0988 [ 204.246100][ T5987] [ 204.249789][ T5987] Kernel Offset: disabled [ 204.254223][ T5987] Rebooting in 86400 seconds..